Welcome back! I hope you have gone through the previous blogs, where we discussed the “CAN Bus protocol”. In this blog we will look into OBD-II, which is the go-to option for diagnostics in vehicles, and how exactly it makes diagnostics a lot easier for advanced vehicles.
We have already discussed how vehicle data is used to increase the efficiency of journeys and to develop self-driving vehicle software, and how the CAN bus helps those run smoothly. Alongside that, we also need efficient diagnostic support.
Have you ever noticed that when you drive your vehicle to the service center, they simply plug in a device to identify weak and faulty parts, without disassembling the mechanical components or checking manually like in the good old days?
Well, this is made possible by On-Board Diagnostics version 2, in short OBD-II (SAE J1962). OBD-II is a diagnostic system used for indicating and reporting problems within the vehicle using Diagnostic Trouble Codes (DTCs). In simple terms, OBD2 can diagnose your vehicle’s health and identify the faulty nodes, which helps you solve those problems in an easy way.
Generally, the workshop personnel will connect a custom OBD-II scanner/reader to read the DTCs and will fix the issues accordingly.
OBD was first introduced to the world in the 1960’s. Later, the standardization work was done by the California Air Resources Board (CARB), the Society of Automotive Engineers (SAE), the International Organization for Standardization (ISO) and the Environmental Protection Agency (EPA).
Before the standardization, OEMs were using custom tools, connectors and custom diagnostic codes according to model and company.
![On board diagnostics timeline](/static/images/remoteblogs/kartheek.lade/automotiveblog4/OBDII timeline.png)
OBD-II is a higher-layer protocol that uses CAN as a communication medium. The SAE J1962 standard specifies two types of 16-pin OBD-II connector, working on 12V (A) and 24V (B), and the pinout mostly depends on the vendor’s choice of communication protocols. The most common, however, is CAN on pins 6 (H) and 14 (L) via ISO 15765, which specifies a transport protocol and network layer services tailored to meet the requirements of CAN‑based vehicle network systems on controller area networks as specified in ISO 11898‑1.
OBD-II data packet
![On board diagnostics response packet breakdown](/static/images/remoteblogs/kartheek.lade/automotiveblog4/OBDII response message.png)
- Identifier: a standard 11-bit identifier, used to distinguish between request messages and response messages. The OBD-II request identifier is 7DF and the response identifier ranges from 7E8 to 7EF.
- Length: the number of bytes of the remaining data in the packet.
- Mode: the SAE J1979 OBD2 standard describes 10 modes. Mode 1 shows current, real-time data, and other modes are used to show or clear stored DTCs.
| Mode | Purpose |
|---|---|
| 01 | Current data. |
| 02 | Current freeze frame data. |
| 03 | Stored Diagnostic Trouble Codes. |
| 04 | Clear any stored values or DTCs. |
| 05 | Show results of non-CAN O2 sensors. |
| 06 | Show test results for system monitoring. |
| 07 | Pending DTCs. |
| 08 | On-board system control operation. |
| 09 | VIN number information. |
| 10 | Permanent DTCs. |
- PID: a list of standard OBD2 PIDs exists for each mode. In Mode 01, PID 03 is for obtaining fuel status. Each PID has a description, and some have a specified min/max and conversion formula in the standard.
- A, B, C, D: These are the data bytes in HEX, which need to be converted to decimal form before they are used in the PID formula calculations.
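
The packet layout above, as an added example that is not part of the original post: a small Python parser that validates a single-frame Mode 01 response and applies the PID formula to bytes A and B. The three PID formulas and the response mode being the request mode plus 0x40 come from SAE J1979 rather than from this post; the function and class names are hypothetical and the sample frames are constructed.

```python
# Added example (not from the original post): decode single-frame OBD-II Mode 01 responses.
from dataclasses import dataclass

REQUEST_ID = 0x7DF                  # request identifier, as given in the post
RESPONSE_IDS = range(0x7E8, 0x7F0)  # response identifiers 7E8..7EF, as given in the post

# Mode 01 PIDs: name, unit, data bytes needed, SAE J1979 conversion formula
PIDS = {
    0x05: ("coolant_temp", "degC", 1, lambda d: d[0] - 40),
    0x0C: ("engine_rpm", "rpm", 2, lambda d: (256 * d[0] + d[1]) / 4),
    0x0D: ("vehicle_speed", "km/h", 1, lambda d: d[0]),
}

@dataclass
class Reading:
    ecu_id: int
    pid: int
    name: str
    value: float
    unit: str

def build_request(pid, mode=0x01):
    """Identifier and 8 data bytes for a request: length, mode, PID, zero padding."""
    return REQUEST_ID, bytes([0x02, mode, pid]) + bytes(5)

def parse_response(can_id, data):
    """Validate one 8-byte response frame and convert bytes A..D to a physical value."""
    if can_id not in RESPONSE_IDS:
        raise ValueError(f"0x{can_id:03X} is not an OBD-II response identifier")
    # A first byte above 7 means a multi-frame ISO 15765 message, not handled here
    if len(data) != 8 or not 2 <= data[0] <= 7:
        raise ValueError("not a single-frame response with a valid length byte")
    payload = data[1:1 + data[0]]          # length counts the bytes that follow it
    if payload[0] == 0x7F:
        raise ValueError("negative response from ECU")
    mode, pid, abcd = payload[0] - 0x40, payload[1], payload[2:]  # reply = mode + 0x40
    if mode != 0x01 or pid not in PIDS:
        raise ValueError(f"unsupported mode/PID {mode:02X}/{pid:02X}")
    name, unit, need, formula = PIDS[pid]
    if len(abcd) < need:
        raise ValueError(f"PID {pid:02X} needs {need} data byte(s)")
    return Reading(can_id, pid, name, formula(abcd), unit)

if __name__ == "__main__":
    # Constructed sample frames, not captured from a real vehicle
    for frame in ("04410C1AF8000000", "03410D3200000000", "0341057B00000000"):
        print(parse_response(0x7E8, bytes.fromhex(frame)))
```

Rejecting frames with an unexpected identifier or length byte before applying any formula keeps malformed or unrelated bus traffic from being reported as sensor values.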
Can a hacker reverse engineer a vehicle through OBD-II?
It is quite simple to log CAN data through OBD-II by using open-source software and hardware. But we might not get the full CAN data through OBD-II, and a database conversion is also required to completely decode the data before it can be used to reverse engineer the vehicle.
What does OBD-II offer?
- We can control the powertrain.
- DTCs about emission control systems.
- VIN number for identification purposes.
These become a threat point for business, as they strike at very important points of the supply chain.
Is there a modern OBD-III?
We already have wireless technology in our lives. OBD-III is a wireless testing technology which transmits diagnostic information through radio frequency, for example while going through a pollution check point or toll gate. We can get the VIN number from OBD-II, so a VIN can be used to map the DTCs to a central hub to track and perform diagnostics remotely.
Well, there are some 3rd party services doing that, but I feel like it’s the 1960’s situation again, no standard for those services.
How can OBD improve business fleet management?
OBD can provide the driving pattern and the deployed vehicles’ health by measuring several aspects of the car, such as speed, idle time and driving behavior, and also offers some remote-control options to detect a crash and stop/start the vehicle.
Where are we now, today?
For beginners, OBD-II is quite exposed in all cars for several purposes. But there should be a mechanism to allow only an authorized technician to collect data. A lot of vehicle manufacturers are filtering the data flowing through OBD-II, and a lot of sub-bus techniques are implemented in the first place. By the time OBD-III becomes common, we must be prepared to secure vehicles further.
We hope this blog post gave you a clear overview of On-board Diagnostics. If you are reading up to this point, you are very much interested in automotive security. This blog post aimed to give you an idea about OBD-II, which is widely used in vehicles for different purposes. Going forward, the next blog post will describe open-source tools used in car hacking. I hope you enjoyed reading this as much as I enjoyed writing it 🙂